Allow internet access from a private subnet using a NAT device:
    Lets instances in a private subnet download software patches while denying
    inbound traffic from the internet
    Lets instances in a private subnet connect privately to other AWS services
    outside the VPC
Three options:
    NAT Instance: an EC2 instance launched from a NAT-specific AMI and configured as a gateway
        Created in a public subnet (one whose route table sends 0.0.0.0/0 to an Internet
        Gateway) with a public IP address or Elastic IP
        Assigned a Security Group allowing
            Inbound  - HTTP (80) & HTTPS (443) from the private subnet's CIDR
            Outbound - HTTP (80) & HTTPS (443) to the internet (0.0.0.0/0)
    NAT Gateway: managed service (PREFERRED - no maintenance, higher availability & high bandwidth)
        Created in a PUBLIC subnet with an Elastic IP address
    Egress-Only Internet Gateway: for IPv6 subnets (NAT Gateway supports IPv4 ONLY)
The private subnet's route table must have a route sending all non-local traffic
(0.0.0.0/0) to the NAT device; it must NOT point 0.0.0.0/0 at the Internet Gateway
directly, or the subnet stops being private
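The layout above can be checked offline from the output of the EC2 describe-route-tables, describe-nat-gateways and describe-instances calls. The script below is an added example written for these notes, not AWS code or sample data: the dictionaries mirror the shape of those API responses, but every subnet, gateway and instance ID is constructed. It verifies that the private subnet's 0.0.0.0/0 route points at a NAT device (not straight at an Internet Gateway), that the NAT device itself sits in a public subnet, and, for a NAT instance, that its source/destination check is disabled (a known EC2 requirement for forwarding, not stated in the notes).

```python
"""Offline audit of a private subnet's NAT layout.

Added example, not part of the original notes. Data below is shaped like
EC2 describe-* responses; all IDs and CIDRs are constructed placeholders.
"""

# --- Constructed sample inventory (not real AWS resources) -------------------
PUBLIC_SUBNET = "subnet-0aaaa000000public"
PRIVATE_SUBNET = "subnet-0bbbb00000private"
NAT_GW = "nat-0000000000example"
IGW = "igw-0000000000example"

ROUTE_TABLES = [
    {   # public subnet: default route to the Internet Gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": PUBLIC_SUBNET}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": IGW},
        ],
    },
    {   # private subnet: default route to the NAT gateway
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": PRIVATE_SUBNET}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": NAT_GW},
        ],
    },
]
NAT_GATEWAYS = [{"NatGatewayId": NAT_GW, "SubnetId": PUBLIC_SUBNET}]
INSTANCES = []  # a NAT *instance* would be listed here with its SourceDestCheck flag


def route_table_for(subnet_id, route_tables):
    """Explicitly associated route table for a subnet, or None if it uses the main table."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt["Associations"]):
            return rt
    return None


def default_route(rt):
    """The 0.0.0.0/0 route of a table, or None."""
    for r in rt["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r
    return None


def route_target(route):
    """(kind, id) of a route's target, e.g. ('igw', 'igw-...') or ('nat', 'nat-...')."""
    for key in ("GatewayId", "NatGatewayId", "InstanceId", "EgressOnlyInternetGatewayId"):
        if key in route:
            return route[key].split("-", 1)[0], route[key]
    return "unknown", ""


def is_public_subnet(subnet_id, route_tables):
    """A subnet is public when its default route goes to an Internet Gateway."""
    rt = route_table_for(subnet_id, route_tables)
    dr = default_route(rt) if rt else None
    return dr is not None and route_target(dr)[0] == "igw"


def audit_private_subnet(subnet_id, route_tables, nat_gateways, instances):
    """Return a list of findings; an empty list means the layout matches the notes."""
    rt = route_table_for(subnet_id, route_tables)
    if rt is None:
        return [f"{subnet_id}: no explicit route table association"]
    dr = default_route(rt)
    if dr is None:
        return [f"{subnet_id}: no 0.0.0.0/0 route, instances cannot reach the internet"]
    kind, target = route_target(dr)
    findings = []
    if kind == "igw":
        findings.append(f"{subnet_id}: 0.0.0.0/0 goes straight to {target}; subnet is effectively public")
    elif kind == "nat":
        gw = next((g for g in nat_gateways if g["NatGatewayId"] == target), None)
        if gw is None:
            findings.append(f"{subnet_id}: route points at unknown NAT gateway {target}")
        elif not is_public_subnet(gw["SubnetId"], route_tables):
            findings.append(f"{target}: NAT gateway sits in non-public subnet {gw['SubnetId']}")
    elif kind == "i":
        inst = next((i for i in instances if i["InstanceId"] == target), None)
        if inst is None:
            findings.append(f"{subnet_id}: route points at unknown NAT instance {target}")
        else:
            if inst.get("SourceDestCheck", True):
                findings.append(f"{target}: NAT instance still has source/destination check enabled")
            if not is_public_subnet(inst["SubnetId"], route_tables):
                findings.append(f"{target}: NAT instance sits in non-public subnet {inst['SubnetId']}")
    else:
        findings.append(f"{subnet_id}: 0.0.0.0/0 target {target!r} is not a NAT device")
    return findings


if __name__ == "__main__":
    print(audit_private_subnet(PRIVATE_SUBNET, ROUTE_TABLES, NAT_GATEWAYS, INSTANCES) or "OK")
```

Feed it real describe-* output (the "RouteTables", "NatGateways" and flattened "Instances" lists) and it flags the two mistakes that quietly break the private-subnet model: a 0.0.0.0/0 route pointed at the Internet Gateway, and a NAT device placed in a subnet that itself has no path to the internet.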